I wanted to pick up from one of our previous blogs, ‘Your Evolving Infrastructure’, written by our CEO Anthony Nartey, which discussed converging IT and Security operations to create an integrated operations centre.
The world of IT operations has changed significantly over the last 18 months or so, largely because of the global pandemic but also from a technology perspective. AIOps is developing rapidly, and the use of machine learning is on the rise. The mantra of “log/collect everything” is proliferating across most organisations, and the move to cloud is still ongoing, so much so that
Reasons to consider operations convergence
So why revisit this operations convergence and why now?
Consider the 3 statements below:
As many as 60% of organisations said that at least one recent data breach occurred because a patch for an identified vulnerability had not been applied. [1]
Only 50% of security leaders are confident in their ability to ensure that business critical vulnerabilities are remediated quickly. [2]
Only 10% of organisations addressed all open vulnerabilities within a year of discovery and 25% are NEVER remediated. [3]
Frightening, right? Considering we live in a technology age where automation, observability, security, and the protection of data (business and personal) are deemed crucial, there remains (according to the figures above) a disconnect around the patching and securing of business-critical assets (hardware and software).
So, the question really is: why are these disciplines falling between traditional IT and Security operations?
It certainly points to a disconnect between the two. These figures are staggering and worrying, and they raise the long-standing question:
Should I converge my IT and Security operations?
As well as the vulnerability remediation statistics, we should also explore convergence as the world starts its recovery from the COVID-19 pandemic. Businesses encouraging employees to return to the office will bring some operations staff back to a centralised location; so, are these two interrelated developments the catalyst for operations convergence?
Today’s SOC analysis
A recently published Ponemon Industry Report, sponsored by FireEye Inc, raises some interesting findings when it comes to Security Operations Centres (SOCs).
As well as Ponemon, IBM and others are reporting a significant rise in the cost of a breach ($3.86m) and an increase in data breaches (from 59% to 63%). Hardly surprising when you read the reports quoted above.
iMonitor believes the most worrying aspect of the report is the information overload on security analysts. Despite the increase in observability solutions, there is still a lack of visibility from a security perspective into network and IT infrastructure, and the divide between the two still exists. Arguably, through the use of ChatOps and other collaborative tools this divide should disappear – but there is an easier way!
Time for convergence?
This lack of visibility will only increase as organisations move into hybrid cloud environments. Event/alert overload will only proliferate as the mantra of “log/collect everything” becomes the norm. Throw into the mix the ever-increasing need to extend this monitoring and collecting into Operational Technology (OT) and the Internet of Things (IoT), and data, events and alarms multiply exponentially.
Given the information overload findings and the lack of visibility across the entire hybrid multi-cloud environments, is now not the time to relieve the pressure on SOC analysts (and others) by converging your operations?
The majority of infrastructure and operations solution providers (regardless of discipline) are advocating a “log/collect it all” approach to AIOps. This makes perfect sense, as businesses need to train their AI/ML solutions; however, the truth is that this approach is only creating more silos of information.
The simple solution is a single platform that can analyse data (from any source/discipline) and create operational and business value from it.
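To make the patching disconnect measurable rather than anecdotal, the following added example (not part of the original post, and not iMonitor's product code) joins two data sources that normally live in separate teams: vulnerability-scanner findings held by the SOC and a package/patch inventory held by IT operations, plus a CMDB-style list of business-critical hosts. All records, hostnames, package versions and finding identifiers (VULN-000n) are constructed placeholders, and the record formats are assumptions rather than any real scanner or CMDB schema. The join yields the kind of figures quoted above: how many findings are remediated within an SLA, how many remain open, how many critical findings sit on business-critical hosts, and how many findings cannot be assessed at all because IT has no inventory record for the asset (the visibility gap the post describes).

```python
"""Correlate SOC vulnerability findings with IT patch inventory (constructed data)."""
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Finding:            # one row from a vulnerability scanner (security side)
    host: str
    finding_id: str       # placeholder identifier, not a real CVE
    severity: str         # "critical" | "high" | "medium" | "low"
    discovered: date
    package: str          # package whose upgrade closes the finding
    fixed_in: str         # first version that contains the fix


@dataclass(frozen=True)
class InstalledPackage:   # one row from a patch/inventory system (IT side)
    host: str
    package: str
    version: str
    patched_on: date      # when this version was installed


@dataclass(frozen=True)
class Status:
    host: str
    finding_id: str
    severity: str
    state: str            # "remediated" | "open" | "unknown" (no inventory record)
    days: int             # days to remediate, or current age of an unresolved finding


def parse_version(v: str) -> Tuple[Tuple[int, str], ...]:
    """Split '1.1.1k' into ((1,''),(1,''),(1,'k')) so versions compare as tuples."""
    parts = []
    for piece in v.split("."):
        m = re.fullmatch(r"(\d*)([A-Za-z]*)", piece)
        if m is None:
            raise ValueError(f"unsupported version component: {piece!r}")
        num, suffix = m.groups()
        parts.append((int(num) if num else 0, suffix))
    return tuple(parts)


def remediation_status(findings: List[Finding], inventory: List[InstalledPackage],
                       as_of: date) -> List[Status]:
    """Decide, per finding, whether IT's inventory shows the fix installed."""
    installed: Dict[Tuple[str, str], InstalledPackage] = {
        (p.host, p.package): p for p in inventory
    }
    out: List[Status] = []
    for f in findings:
        pkg = installed.get((f.host, f.package))
        if pkg is None:
            # Security knows about the asset, IT has no record of it: cannot assess.
            out.append(Status(f.host, f.finding_id, f.severity, "unknown",
                              (as_of - f.discovered).days))
        elif parse_version(pkg.version) >= parse_version(f.fixed_in):
            out.append(Status(f.host, f.finding_id, f.severity, "remediated",
                              max(0, (pkg.patched_on - f.discovered).days)))
        else:
            out.append(Status(f.host, f.finding_id, f.severity, "open",
                              (as_of - f.discovered).days))
    return out


def summarize(statuses: List[Status], business_critical: Set[str],
              sla_days: int) -> Dict[str, int]:
    """Roll the joined view up into the metrics a converged NOC/SOC would track."""
    remediated = [s for s in statuses if s.state == "remediated"]
    return {
        "total": len(statuses),
        "remediated": len(remediated),
        "remediated_within_sla": sum(1 for s in remediated if s.days <= sla_days),
        "open": sum(1 for s in statuses if s.state == "open"),
        "no_inventory_record": sum(1 for s in statuses if s.state == "unknown"),
        "open_critical_on_business_critical": sum(
            1 for s in statuses
            if s.state == "open" and s.severity == "critical" and s.host in business_critical),
    }


# --- constructed sample data (not from any real environment) -------------------
AS_OF = date(2021, 9, 30)
BUSINESS_CRITICAL = {"db-01", "web-01"}          # assumed CMDB tag
INVENTORY = [
    InstalledPackage("web-01", "openssl", "1.1.1k", date(2021, 6, 1)),
    InstalledPackage("web-01", "nginx", "1.18.0", date(2020, 5, 1)),
    InstalledPackage("db-01", "postgresql", "13.3", date(2021, 5, 20)),
    InstalledPackage("db-01", "openssl", "1.1.1g", date(2020, 4, 10)),
    InstalledPackage("app-02", "openssl", "1.1.1k", date(2021, 9, 25)),
]
FINDINGS = [
    Finding("web-01", "VULN-0001", "critical", date(2021, 3, 25), "openssl", "1.1.1k"),
    Finding("db-01", "VULN-0001", "critical", date(2021, 3, 25), "openssl", "1.1.1k"),
    Finding("web-01", "VULN-0002", "high", date(2021, 8, 1), "nginx", "1.20.1"),
    Finding("app-02", "VULN-0001", "critical", date(2021, 3, 25), "openssl", "1.1.1k"),
    Finding("ot-gw-01", "VULN-0004", "high", date(2021, 7, 15), "firmware", "2.4"),
]
STATUSES = remediation_status(FINDINGS, INVENTORY, AS_OF)
SUMMARY = summarize(STATUSES, BUSINESS_CRITICAL, sla_days=30)

if __name__ == "__main__":
    for s in STATUSES:
        print(f"{s.host:9} {s.finding_id} {s.severity:8} {s.state:10} {s.days:4d} days")
    print(SUMMARY)
```

Neither data source can produce these numbers alone: the scanner does not know when a package was actually upgraded, and the patch system does not know which upgrades close critical findings. Note also that the `unknown` bucket (a finding on a host IT has no record of, here the OT gateway) is exactly the class of asset that disappears between two separate operations teams.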
Being data source and type agnostic, iMonitor offers a single platform to provide operational and business insights, which in turn creates business and operational value. Being built on open source technologies means that vendor lock-in is avoided and integration with existing and complementary technologies is achievable.
But it’s not only about the technology. We need to consider the impact of convergence on the organisation and its people. As these AI/ML solutions become more trusted by organisations, the lines between NOC and SOC will blur. Operations staff will most likely be asked to work across multiple disciplines, creating hybrid roles to operate and maintain hybrid infrastructures.
Add to the mix the new processes and job roles that come with DevSecOps, Site Reliability Engineers and Cyber Analysts, and it makes sense to cross-train and converge. As an added benefit, this in turn would help with the reported global skills crisis in IT/Cyber disciplines.
Finally, as organisations re-assess the old ways of working (pre-COVID-19) and embrace the new way of working (of the last 18 months or so), we believe that convergence coupled with automation is a key, and perhaps critical, strategy for businesses globally.
For more information on the iMonitor data platform, why not sign up for our blogs or visit our website at www.imonitor.ai
ABOUT THE AUTHOR
David Metcalfe is Principal Consultant at iMonitor.
David is an experienced IT Consultant with a flair for the architecting and provision of IT solutions across a variety of industries.
David has been involved in many successful pre- and post-sales opportunities, delivering across multiple industries, with a major focus on the service management and ongoing support of these implementations/projects.